Information security experts offer two timely Apple iOS device reminders: First, never jailbreak the devices. Second, enterprise security managers must ensure that they ruthlessly block any jailbroken devices from accessing corporate networks because they pose a security risk.
The bad news is that the new KeyRaider malware has so far compromised more than 225,000 Apple accounts worldwide. The good news, according to Ryan Olson of Palo Alto Networks, is that only modified, or "jailbroken," ioS devices are at risk.
CISOs who want to keep more cyber-attacks from succeeding should focus on decreasing the half-life of vulnerabilities, which refers to the amount of time it takes half of all systems affected by a vulnerability to get patched. That's the advice from Qualys' Wolfgang Kandek.
What do successful but separate malware attacks against banking customers around the world, as well as the White House and health insurer Anthem, all have in common? Researchers say the answer is shockingly simple.
The APT gang known as Darkhotel quickly tapped a Hacking Team exploit for Flash, Kaspersky Lab reports. But the gang's ongoing trickery shows that organizations must do more than just patch against the latest threats.
The takedown of Gameover Zeus taught law enforcement and banks many lessons, including that Trojans are being used to steal corporate secrets, not just money, says Eward Driehuis of Fox-IT, which investigated the threat actors behind the Trojan.
Georgia Tech researchers are attempting to develop new processes and technologies to more easily detect malware. The goal, researcher Wenke Lee explains, is to find an effective way to identify and expunge advanced persistent threats
The toolbar distributed by Chinese-language search engine Baidu is being targeted by opportunistic attackers and used to exfiltrate corporate secrets, warns Rob Eggebrecht, president and CEO of the security firm InteliSecure.
Attributing the Anthem, OPM and other breaches to specific attackers might be useful for government-level diplomatic efforts. But organizations must prioritize blocking all types of espionage and cybercrime attacks, says Symantec's Vikram Thakur.
The prices for stolen payment card data and other cybercrime products and services on Russian underground forums continue to fall. But the cybercrime ecosystem is more automated, effective and robust than ever, Trend Micro reports.
Security researchers reported a zero-day bug to Microsoft - which has patched the flaw - after reverse-engineering details were contained in a bug hunter's sales pitch to hacked surveillance software vendor Hacking Team.
In-the-wild attacks have been found targeting at least one of two new zero-day Flash flaws leaked by Hacking Team's hacker. Separately, cyber-espionage APT attackers have been targeting a new Java flaw.
Warning: All versions of Flash Player are vulnerable to a zero-day, weaponized exploit that became public when Italian spyware vendor Hacking Team was hacked, and 400 GB of corporate data leaked. Adobe has released an update to patch the flaw.
An unconfirmed post-breach report for bitcoin exchange Bitstamp shows the organization was targeted by a sustained attack that combined phishing via email and Skype with macro malware to successfully steal almost 19,000 bitcoins, worth $5 million.